web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Can Copilot Studio use...
Copilot Studio
Answered

Can Copilot Studio use “Authenticate with Microsoft” for a Zoom chatbot via Direct Line?

(3) ShareShare
ReportReport
Posted on by FA-06010545-0 33
Hi team,
I am implementing this architecture:
Zoom Team Chat chatbot → Azure adapter → Copilot Studio agent → ServiceNow custom connector
The Zoom bot sends user messages to an Azure-hosted adapter, and the adapter communicates with the Copilot Studio agent through Direct Line / custom app integration. Microsoft documents Direct Line as the supported path for connecting Copilot Studio to custom or native apps.
My current question is about authentication mode in Copilot Studio.
Current requirement
I want the Copilot Studio agent to know the current signed-in user so I can apply RBAC in my ServiceNow integration, for example:
  • list only the incidents for the current user
  • create incidents under the current user context
What I want to know:
Can I use “Authenticate with Microsoft” for this external Zoom chatbot scenario instead of:
  • Authenticate manually
  • or No authentication
Why I am asking:
Our Zoom environment is already synchronized with Microsoft Entra ID, so there is effectively a single corporate identity provider. Because of that, I want to understand whether Copilot Studio can treat Zoom users as Microsoft-authenticated users in this scenario.
My understanding from the documentation:
From Microsoft’s documentation, I see the following:
  1. Authenticate with Microsoft automatically sets up Microsoft Entra ID authentication for Teams, and the docs say you get access to the Teams + Microsoft 365 channel. They also say native app and custom app channels can be used.
  2. However, Microsoft also explicitly says:
    “If you need to publish your agent to channels other than Teams + Microsoft 365 but still want authentication for your agent, choose Authenticate manually.”
  3. For custom or external apps, Microsoft documents the custom app / mobile app + Direct Line model, where the app or adapter integrates with the agent through the token endpoint and Direct Line API.
My specific questions:
  1. In a Zoom chatbot + Azure adapter + Direct Line architecture, is Authenticate with Microsoft officially supported?
  2. Does the fact that Zoom users are synced from the same Microsoft Entra ID tenant change the recommendation?
  3. Or is the correct/supported production approach still to use Authenticate manually for this scenario?
  4. If Authenticate with Microsoft is not recommended here, is that because Zoom is still treated as an external/custom channel, even if the organization uses the same Entra ID as the identity source?
Any clarification from the product team or anyone who has implemented this successfully would be very helpful.
Thanks.
 
I have the same question (0)
  • Verified answer
    Vish WR Profile Picture
    Vish WR 2,825 on at
     

    In your Zoom → Azure adapter → Copilot Studio (Direct Line) setup, you should use “Authenticate manually,” not “Authenticate with Microsoft.”

    Even if Zoom users are synced with Entra ID, Copilot Studio only treats Microsoft authentication as valid for native channels like Teams or M365 apps. A Zoom bot is still considered a custom/external channel, so Microsoft sign-in can’t be directly reused there.

    What to do instead

    Pass the signed-in user identity (like UPN or email) from Zoom through your Azure adapter into Copilot Studio, and use that for RBAC logic in ServiceNow.

    Microsoft Auth → Teams/M365 only

    Zoom + Direct Line → must use manual auth

    Entra ID sync doesn’t change this limitation

     
     
    Vishnu WR
     
    Please  Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider answering Yes to Was this reply helpful? or give it a Like 
  • Verified answer
    11manish Profile Picture
    11manish 2,286 on at
    In a Zoom chatbot + Azure adapter + Direct Line integration, “Authenticate with Microsoft” is not the recommended or officially supported authentication model,
     
    even if Zoom users are synchronized from the same Microsoft Entra ID tenant. Zoom is still treated as an external/custom channel by Copilot Studio.
     
    The correct production approach is to use “Authenticate manually” and let your Azure adapter handle identity validation, token exchange, and user-context
     
    propagation into Copilot Studio and downstream systems like ServiceNow.
     
    This provides the proper enterprise pattern for RBAC, user impersonation, and secure external channel integration.
  • Verified answer
    Sayali Profile Picture
    Sayali Microsoft Employee on at
    Hello @FA-06010545-0,
    In a Zoom → Azure adapter → Direct Line → Copilot Studio setup, “Authenticate with Microsoft” is not the recommended approach, even if Zoom users are synced with Entra ID. This option is mainly designed for Teams/Microsoft 365, where the platform provides built-in SSO and user identity. Since Zoom is treated as an external/custom channel, Copilot Studio cannot automatically recognize users as Microsoft-authenticated. Therefore, the correct and supported production approach is “Authenticate manually”, where your adapter handles Entra ID sign-in and passes the authenticated user context to the agent for RBAC scenarios like ServiceNow integration.

    • Is “Authenticate with Microsoft” officially supported for Zoom + Direct Line?
      Not as the intended/authentication-providing path. In Direct Line/custom app scenarios, Microsoft’s own guidance is: if you need auth for channels other than Teams + Microsoft 365, choose “Authenticate manually”. [learn.microsoft.com]

    • Does Entra-synced Zoom change that recommendation?
      No. Syncing identities does not make Zoom a first-party Microsoft channel that can supply a Teams/M365 SSO token to Copilot Studio. The channel is still treated as external/custom, so you still need a custom/manual auth flow. [learn.microsoft.com]


    • Correct/supported approach?
      Authenticate manually (with Entra ID as the IdP) + your adapter handles sign-in and passes identity/tokens to the agent. [learn.microsoft.com]

    Reference Document-
    1.Configure user authentication - Microsoft Copilot Studio | Microsoft Learn
    2.Configure web and Direct Line channel security - Microsoft Copilot Studio | Microsoft Learn
    3.Configure user authentication - Microsoft Copilot Studio | Microsoft Learn

    --------------------------------------------------------------------------------------------------------------------------------------------
    Your feedback is important to us. Please rate us:

    🤩 Excellent 🙂 Good 😐 Average 🙁 Needs Improvement 😠 Poor
     
  • FA-06010545-0 Profile Picture
    FA-06010545-0 33 on at
    @Sayali, @11manish  and  @Vish WR
     
    Thank you all for your prompt reply and the suggestions. I will be heading in the suggested direction and if I will have issues further I will post it here. 
    Thank you once again!
  • FA-06010545-0 Profile Picture
    FA-06010545-0 33 on at
    @Sayali@11manish@Vish WR
     Hi team,
    Thanks for the clarification. I have now configured the Copilot Studio agent with Authenticate manually and integrated it with my Zoom Team Chat bot through an Azure adapter + Direct Line.

    The current behavior is:


    1. The user is already signed in to Zoom Workplace

    2. The user opens the Zoom bot and starts chatting

    3. Copilot Studio prompts the user to sign in again

    4. The user signs in with the same Microsoft Entra ID credentials

      5.  

    My question

    Is there any supported way to provide a single sign-on experience here, so that the user signs in only once when entering Zoom Workplace and does not have to sign in again when interacting with the Copilot Studio agent through the Zoom bot?

    More specifically


    • Can the existing Zoom session be reused by Copilot Studio in a Zoom → Azure adapter → Direct Line → Copilot Studio architecture?

    • Or, because Zoom is still treated as an external/custom channel, is a second sign-in always expected when using Authenticate manually?

    • If true SSO is not supported in this scenario, what is the recommended best practice for minimizing sign-in friction?

      •  

    From the Microsoft documentation, my understanding is:


    • For channels other than Teams + Microsoft 365, authentication should be configured using Authenticate manually.

    • Copilot Studio supports SSO when the agent is hosted on a website or app where the user is already signed in.

    • My uncertainty is whether a Zoom chatbot integrated through Direct Line can participate in that same SSO model, or whether it is always treated as an external channel that requires its own sign-in flow.


      •  

    Any guidance would be appreciated.

    Thanks.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 759

#2
Vish WR Profile Picture

Vish WR 295

#3
Haque Profile Picture

Haque 249

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab
Block PII/PCI in Copilot Studio agent user prompt

Product updates

Microsoft Power Platform Community release plans